DETAILED ACTION

1. In view of applicant remarks in the Appeal Brief filed on 11/16/06, PROSECUTION
IS HEREBY REOPENED. 

To avoid abandonment of the application, appellant must exercise one of the 
following two options: 

(1) file a reply under 37 CFR 1.111 (if this Office action is non-final) or a reply
under 37 CFR 1.113 (if this Office action is final); or, 

(2) initiate a new appeal by filing a notice of appeal under 37 CFR 41.31 followed
by an appeal brief under 37 CFR 41.37. The previously paid notice of appeal fee
and appeal brief fee can be applied to the new appeal. If, however, the appeal fees 
set forth in 37 CFR 41.20 have been increased since they were previously paid, then 
appellant must pay the difference between the increased fees and the amount 
previously paid. 

2. Applicant's arguments with respect to claims 1-5, 7-8 and 10-11 are moot in view of
the new ground(s) of rejection. 

3. The text of those sections of Title 35, U.S. Code not included in this action can be 
found in a prior office action. 

4. Claims 1-5, 7-8 and 10-11 have been examined.



Drawings 

The drawings are objected to under 37 CFR 1.83(a). The drawings must show
every feature of the invention specified in the claims. Therefore, "network-connected 
home environment" and "devices within the home" recited in claims 7-8 must be shown 
or the feature(s) canceled from the claim(s). No new matter should be entered. 

Corrected drawing sheets in compliance with 37 CFR 1.121(d) are required in 
reply to the Office action to avoid abandonment of the application. Any amended 
replacement drawing sheet should include all of the figures appearing on the immediate 
prior version of the sheet, even if only one figure is being amended. The figure or figure 
number of an amended drawing should not be labeled as "amended." If a drawing figure 
is to be canceled, the appropriate figure must be removed from the replacement sheet, 
and where necessary, the remaining figures must be renumbered and appropriate 
changes made to the brief description of the several views of the drawings for 
consistency. Additional replacement sheets may be necessary to show the renumbering 
of the remaining figures. Each drawing sheet submitted after the filing date of an 
application must be labeled in the top margin as either "Replacement Sheet" or "New
Sheet" pursuant to 37 CFR 1.121(d). If the changes are not accepted by the examiner,
the applicant will be notified and informed of any required corrective action in the next 
Office action. The objection to the drawings will not be held in abeyance. 

Claim Rejections - 35 USC §112 

The following is a quotation of the first paragraph of 35 U.S.C. 112: 

The specification shall contain a written description of the invention, and of the manner and process of 
making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the 
art to which it pertains, or with which it is most nearly connected, to make and use the same and shall
set forth the best mode contemplated by the inventor of carrying out his invention. 



5. Claim 4 is rejected under 35 U.S.C. 112, first paragraph, as failing to comply with the
written description requirement. The claim(s) contains subject matter which was not 
described in the specification in such a way as to reasonably convey to one skilled in 
the relevant art that the inventor(s), at the time the application was filed, had 
possession of the claimed invention and are rejected as failing to comply with the 
enablement requirement since the subject matter was not described in the 
specification in such a way as to enable one skilled in the art to which it pertains, or 
with which it is most nearly connected, to make and/or use the invention. 

6. The original claim 4 recited a gateway that compared requests "for the performance 
of operation on the first processing unit with the access control list". The amended 
claim language submitted by applicant on 6/16/05 changed the limitation to: "all 
operation requests on the first data processing unit". This limitation is present in the 
current claim 4. The limitation suggests that a gateway component compares
requests present on the first data processing unit with the access control list (ACL) and
permits only the requests that are permitted by the ACL. In addition to the
contradiction in such a limitation (the requests on the first data processing unit are
the requests that have already been permitted to pass to the first data processing
unit) the specification does not disclose such a limitation nor clarify how such
implementation would be possible.

The following is a quotation of the second paragraph of 35 U.S.C. 112:

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

7. Claim 4 is rejected under 35 U.S.C. 112, second paragraph, as being indefinite for 
failing to particularly point out and distinctly claim the subject matter which applicant 
regards as the invention. 

As mentioned above, the amended claim 4 (the amendment presented on 6/16/05) 
seems to provide contradicting statements, thus it is not understood. For purposes 
of further examination the phrase is treated in light of the original claim language "for
the performance of operation on the first processing unit". 

Claim Rejections - 35 USC § 102 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public 
use or on sale in this country, more than one year prior to the date of application for patent in the United 
States. 

(e) the invention was described in a patent granted on an application for patent by another filed in the 
United States before the invention thereof by the applicant for patent, or on an international application 
by another who has fulfilled the requirements of paragraphs (1), (2), and (4) of section 371(c) of this
title before the invention thereof by the applicant for patent. 

8. Claim 10 is rejected under 35 U.S.C. 102(b) as being anticipated by firewalls as 
illustrated by Pfleeger (Charles P. Pfleeger, "Security in computing", 2nd edition, 
1996, ISBN: 0133374866). 

9. Firewalls are secure gateway components, which control communication across a
communication link between a first and a second data processing unit. Firewalls
utilize a list of permitted communication in order to permit/execute only permitted 
communication (Pfleeger, pg. 426-434). 

10. Claim 10 is rejected under 35 U.S.C. 102(e) as being anticipated by Barkley (U.S.
Patent No. 6202066). 

Barkley discloses a network of personal computers linked such that all share certain
resources, such as a file server, and discloses that such networks are commonly
operated under control of an "operating system", which may include the capability
to provide varying
individuals with varying "permissions" with respect to objects stored on the file 
server. For example, Microsoft Corporation's "Windows NT" operating system 
provides this capability, by associating an "access control list" ("ACL") (this being an 
example of an "access control specification", as the latter term is used in the art) 
with each "object", e.g., with each controlled file or group of files, i.e., with a directory 
of controlled files. Windows NT allows various permissions to be associated by the 
ACL with individuals or groups of individuals, so that the access sought is permitted 
only if the user's identification matches a user entry in the ACL or the user is a
member of a group entry in the ACL, and the user or group entry is associated with 
permissions for the access sought (col. 1 lines 32-54). 

11. This teaching reads on "storing a list of permitted operations which can be requested
from the second data processing unit, comparing by a secure gateway component 
which controls communication across the communications link, requests to perform 
operations relating to secure resources on the first data processing unit with the list 
of permitted operations, and only executing the permitted operations" as required by 
the independent claim 10. 

Claim Rejections - 35 USC § 103

12. Claims 7-8 and 10 remain rejected under 35 U.S.C. 103(a) as being unpatentable 
over Chen (U.S. Patent No. 6060994) in view of Pfleeger (Charles P. Pfleeger, 
"Security in computing", 2nd edition, 1996, ISBN: 0133374866). 

Chen discloses an apparatus that comprises a second data processing unit (a 
monitoring device, object 6) connected to an external communications network 
(public network 5 e.g. Internet) such that an external communications network can 
be received from the external network (Object 50, Fig. 2) connected with a 
communication link with first data processing unit (client-side monitor/control server, 
Fig. 1, col. 2 lines 27-50). Chen also discloses security-critical devices (e.g. 1 and 2) 
within the home environment (objects 200, Fig. 2) managed by the first data processing
unit. 

13. Although Chen does not explicitly disclose application programs running on the first 
data processing unit, the limitation if not inherent is at least implicit. Chen not only 
discloses that the first data processing unit comprises CPU and memory but also 
that it utilizes for communicating information between the second processing unit 
and security-critical devices (Fig. 1 and col. 3 lines 20-col. 4 line 52). Even if the first 
data processing unit did not include application programs running on the first data 
processing unit it would have been obvious to one of ordinary skill in the art at the 
time of applicant's invention to incorporate the application programs, an ordinary 
artisan would have been motivated to use them especially in light of the benefits of 
software applied in communicating devices as evidenced by the commercial
success. 

14. Chen does not disclose a gateway component for controlling communications
across the link that limits the operations which can be performed at the first data 
processing unit in response to requests from the second processing unit to only a 
predefined set of permitted operation. 

15. Firewalls, discussed above and illustrated by Pfleeger, control communications
across the link and limit the operations which can be performed at the first data processing
unit in response to requests from the second processing unit to only a predefined set
of permitted operation.

It would have been obvious to one of ordinary skill in the art at the time of applicant's 
invention to incorporate a gateway (such as firewalls disclosed by Pfleeger). One of 
ordinary skill in the art would have been motivated to perform such a modification in 
order to prevent a threat of an intruder penetrating the second data processing unit 
connected to security-critical devices. 

16. Claims 1 and 10-11 are rejected under 35 U.S.C. 102(e) as being anticipated by
Nathanson (U.S. Patent No 6263268). 

Nathanson teaches a system 10 incorporated in a vehicle (Fig. 1, col. 2 lines 31-33). 

17. As per claims 1 and 10-11, Nathanson discloses a first data processing unit (15) 
connected to device control units of the vehicle (Fig. 1 and col. 2 lines 31-38 and col. 
4 lines 28-33), a second data processing unit (25) connected to communications 
apparatus providing a wireless connection (35) to an external network (e.g. Internet, 
Fig. 1 and col. 3 lines 20-22 and col. 4 lines 4-16), such that operation requests can
be received at the second data processing unit from the external network (Fig. 1, col.
3 lines 20-22 and col. 4 lines 4-16), a data communications link between the first and 
second data processing units (Fig. 1 and col. 2 lines 19-21). 
Nathanson teaches communication across the data communication link (col. 3 lines 1-16)
and in col. 3 lines 1-30 discloses that a second data processing unit translates
received commands from an external network to ODB protocol compatible 
commands, which corresponds to limiting passing of the operation request to only a 
predefined set of permitted operations would enable proper execution of external 
commands. 

18. Claim 2 is rejected under 35 U.S.C. 103(a) as being unpatentable over
Nathanson (U.S. Patent No 6263268) in view of Coverdill (U.S. Patent No. 
5890080). 

Nathanson discloses limiting passing of the operation requests from the second data 
processing unit (B) to the vehicle's device control units via the first data processing 
unit (A) as discussed above. However, even though Nathanson explicitly discloses 
that the requests sent to first data processing unit enables the first data processing 
unit to communicate with the vehicle's device control units (e.g. col. 2 lines 31-48) 
Nathanson fails to teach the first data processing unit storing in an unmodifiable form 
a list of the predefined set of permitted operations that is compared with all operating 
requests received from the second processing unit before passing the permitted
operation request to respective ones of the device control units and to discard
non-permitted operation.

However, as shown by Coverdill (USPN 5890080) storing in an unmodifiable form a 
list of the predefined set of permitted operations allows a processing unit to 
communicate with a particular vehicle's device control unit (e.g. col. 5 lines 5-15, lines
50-65, col. 8 line 64- col. 19). Since the first data processing unit in Nathanson's
invention communicates with a plurality of vehicle's device control units, it would 
have been obvious to one of ordinary skill in the art at the time of applicant's 
invention to incorporate an unmodifiable form a list of the predefined set of permitted 
operations as disclosed by Coverdill given the benefit of forwarding the requests to a 
correct particular vehicle's device control unit. 
19. The examiner points out that since the permitted set of operations would identify set 
of operations directed to a particular vehicle's device control unit, only the permitted 
operations requests (found in the list) would be passed to the set of the control units. 
Also, an ordinary artisan would readily recognize that any data (including operation 
requests) require (tie up) computing resources (execution time and storage
space), and that keeping non-permitted instructions (requests) increases the risk of
accidental execution. Thus, it would have been obvious to one of ordinary skill in the 
art at the time of applicant's invention to discard non-permitted operation requests 
given the benefit of saving unnecessary use of resources and preventing system's 
corruption. 

20. Claim 4 is rejected under 35 U.S.C. 103(a) as being unpatentable over Nathanson
(U.S. Patent No 6263268) in view of Elkin (U.S. Patent No. 6123174).
Nathanson discloses the second data processing unit receiving requests from
requestors directed towards mapping the request to requests compatible with the 
first data processing unit (col. 3 lines 4-16). 

21. Nathanson does not teach one or more access control lists (ACL) defining which 
operation requests are permitted for particular requestors and compared with all 
operation requests in order to pass only permitted (for the respective requestors)
and discarding non-permitted requests. 

Elkin (USPN 6123174) discloses permitting operations of particular requestors 
using an ACL defining which operation requests are permitted for particular 
requestors (Elkin, Abstract, col. 18 line 61- col. 19 line 3, etc.). It would have been 
obvious to one of ordinary skill in the art at the time of applicant's invention to utilize 
an ACL defining which operation requests are permitted for particular requestors in 
order to utilize security levels to establish limits to limit actions of operators. 
Although Nathanson in view of Elkin do not explicitly disclose discarding non-permitted
operations, the examiner notes that in computer systems there are inherently
only two options: saving or discarding data. An ordinary artisan would readily
recognize that any data (including operation requests) require (tie up) computing
resources (execution time and storage space), and that keeping non-permitted
instructions (requests) increases the risk of accidental execution. Thus, it would have
been obvious to one of ordinary skill in the art at the time of applicant's invention to
discard non-permitted operation requests given the benefit of saving unnecessary
use of resources and preventing security. 

22. Claim 3 is rejected under 35 U.S.C. 103(a) as being unpatentable over Nathanson
(U.S. Patent No 6263268) in view of Coverdill (U.S. Patent No. 5890080) and in 
further view of Serughett (Marc Serughett, "OSEK: a super-small kernel for deeply 
embedded applications?", 1999). 

Nathanson in view of Coverdill teach the first data processing unit the gateway
component implemented in a vehicle as discussed above. 

Although Coverdill suggests implementation of SAE standards, Nathanson in view of 
Coverdill does not explicitly discuss details of the operating system implemented in 
the vehicle and as a result there is no disclosure of the first data processing unit and
the gateway component running in the static operating system environment.
In its publication Serughett teaches the OSEK/VDX static operating system and
discloses various benefits of OSEK.

It would have been obvious to one of ordinary skill in the art at the time of applicant's 
invention to run the first data processing unit and the gateway component running 
the static operating system as taught by Serughett given the various benefits
disclosed by Serughett: reliability, minimal resource usage, highly efficient 
scheduling, etc. 

23. Claim 5 is rejected under 35 U.S.C. 103(a) as being unpatentable over Nathanson 
(U.S. Patent No 6263268) in view of Elkin (U.S. Patent No. 6123174) and in further 
view of Serughett (Marc Serughett, "OSEK: a super-small kernel for deeply
embedded applications?", 1999). 

Authentication of requestors against an access control list has been discussed above
in light of Nathanson in view of Elkin. 

24. Nathanson in view of Elkin do not disclose implementation of RTOS. 

Serughett, discussed regarding claim 3, discloses RTOS (OSEK/VDX) and provides
motivation to combine (e.g. Serughett, pg. 26-27). 

25. Claims 7-8 remain rejected under 35 U.S.C. 103(a) as being unpatentable over 
Bassett (U.S. Patent No 5706191) in view of Richardson (U.S. Patent No 6427202).
Bassett teaches a first data processing unit (an appliance interface module, AIMs, 70-78)
connected to one or more security critical resources (water heater 71, gas meter
50, etc.) and a second processing unit (controller 15, Fig. 1) connected to an
external communications network (Fig. 6, col. 12 lines 41-57) such that operation
request can be received from the external network (col. 12 lines 41-57) a data
communication link between the first and second data processing units (wiring
system 20, Fig. 1, col. 5 lines 25-27), wherein the first and second data processing
units and the link between them are implemented within a network-connected home 
environment (Fig. 1), and the security-critical resources include security-critical 
devices within the home which are managed by application programs running on the 
first data processing unit (Fig. 1 5, col. 9 lines 29-34 and line 51-67). 

Bassett does not explicitly name a gateway component for controlling
communications across the link but (see, col. 14 lines 25-31) it is clear that some
kind of gateway component (e.g. a processor) is present in Bassett's invention in
order to enable communication between the external network and the first data
processing unit.

Application/Control Number: 09/501,756 Page 14

Art Unit: 2134

Bassett does not teach the gateway component limiting the operations which can be 
performed at the first data processing unit in response to requests from the second 
processing unit to only a predefined set of permitted operation. 
Richardson teaches a gateway limiting the operations which can be performed at the 
first data processing unit in response to requests from the second processing unit to 
only a predefined set of permitted operation (col. 5 lines 49-59). 
It would have been obvious to one of ordinary skill in the art at the time of applicant's 
invention to implement limiting the operations which can be performed at the first 
data processing unit in response to requests from the second processing unit to only 
a predefined set of permitted operation given the benefit of increased security. 
26. As per claim 8 Bassett in view of Richardson do not teach that the external network 
is the Internet. However, utilizing Internet as an external network is an obvious 
variation that is well known in the art. One would have been motivated to use them 
especially in light of the benefits of Internet as evidenced by Internet commercial 
success. 

Conclusion 

The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure: 

Spaur (U.S. Patent No: 5732074), 
Schaller (U.S. Patent No. 5365436),
Berra (U.S. Patent No. 5787367), 
Coverdill (U.S. Patent No. 5890080), 
Wallace (U.S. Patent No. 5938708), 
Gluts (U.S. Pub. No. 2004/0153656). 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Peter Poltorak whose telephone number is (571) 272- 
3840. The examiner can normally be reached Monday through Thursday from 9:00 
a.m. to 4:00 p.m. and alternate Fridays from 9:00 a.m. to 3:30 p.m. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kambiz Zand can be reached on (571) 272-3811. The fax phone number
for the organization where this application or proceeding is assigned is (571) 273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free).




